diff options
| author | Bert Belder <bertbelder@gmail.com> | 2012-06-21 00:33:44 +0200 |
|---|---|---|
| committer | Bert Belder <bertbelder@gmail.com> | 2012-06-21 00:33:44 +0200 |
| commit | 6b26583e8450e837886b84610305698fa447fa7e (patch) | |
| tree | 340368e8ac7b2e6efe700833c6b74d78db98b267 /deps/v8 | |
| parent | fe464a2fea93880a7da883138f83a2ae8ad6a30f (diff) | |
| download | node-new-6b26583e8450e837886b84610305698fa447fa7e.tar.gz | |
v8: upgrade to v3.11.10.10
Diffstat (limited to 'deps/v8')
22 files changed, 182 insertions, 44 deletions
diff --git a/deps/v8/build/common.gypi b/deps/v8/build/common.gypi index 2d8dc11b70..7f084b8c1d 100644 --- a/deps/v8/build/common.gypi +++ b/deps/v8/build/common.gypi @@ -239,6 +239,7 @@ 'WIN32', ], 'msvs_configuration_attributes': { + 'OutputDirectory': '<(DEPTH)\\build\\$(ConfigurationName)', 'IntermediateDirectory': '$(OutDir)\\obj\\$(ProjectName)', 'CharacterSet': '1', }, @@ -270,7 +271,7 @@ 'target_conditions': [ ['_toolset=="host"', { 'variables': { - 'm32flag': '<!((echo | $(echo ${CXX_host:-$(which g++)}) -m32 -E - > /dev/null 2>&1) && echo "-m32" || true)', + 'm32flag': '<!((echo | $(echo ${CXX_host:-$(which g++)}) -m32 -E - > /dev/null 2>&1) && echo -n "-m32" || true)', }, 'cflags': [ '<(m32flag)' ], 'ldflags': [ '<(m32flag)' ], @@ -280,7 +281,7 @@ }], ['_toolset=="target"', { 'variables': { - 'm32flag': '<!((echo | $(echo ${CXX_target:-${CXX:-$(which g++)}}) -m32 -E - > /dev/null 2>&1) && echo "-m32" || true)', + 'm32flag': '<!((echo | $(echo ${CXX_target:-${CXX:-$(which g++)}}) -m32 -E - > /dev/null 2>&1) && echo -n "-m32" || true)', }, 'cflags': [ '<(m32flag)' ], 'ldflags': [ '<(m32flag)' ], @@ -323,7 +324,7 @@ }, 'conditions': [ ['OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="netbsd"', { - 'cflags': [ '-Wno-unused-parameter', + 'cflags': [ '-Wall', '<(werror)', '-W', '-Wno-unused-parameter', '-Wnon-virtual-dtor', '-Woverloaded-virtual' ], }], ], diff --git a/deps/v8/src/arm/full-codegen-arm.cc b/deps/v8/src/arm/full-codegen-arm.cc index 30c131c644..ff7c3c139e 100644 --- a/deps/v8/src/arm/full-codegen-arm.cc +++ b/deps/v8/src/arm/full-codegen-arm.cc @@ -328,7 +328,7 @@ void FullCodeGenerator::EmitProfilingCounterReset() { } if (isolate()->IsDebuggerActive()) { // Detect debug break requests as soon as possible. - reset_value = FLAG_interrupt_budget >> 4; + reset_value = 10; } __ mov(r2, Operand(profiling_counter_)); __ mov(r3, Operand(Smi::FromInt(reset_value))); diff --git a/deps/v8/src/arm/lithium-codegen-arm.cc b/deps/v8/src/arm/lithium-codegen-arm.cc index 256d180f2f..b03ba8c396 100644 --- a/deps/v8/src/arm/lithium-codegen-arm.cc +++ b/deps/v8/src/arm/lithium-codegen-arm.cc @@ -2594,15 +2594,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result, } else { // Negative lookup. // Check prototypes. - HeapObject* current = HeapObject::cast((*type)->prototype()); + Handle<HeapObject> current(HeapObject::cast((*type)->prototype())); Heap* heap = type->GetHeap(); - while (current != heap->null_value()) { - Handle<HeapObject> link(current); - __ LoadHeapObject(result, link); + while (*current != heap->null_value()) { + __ LoadHeapObject(result, current); __ ldr(result, FieldMemOperand(result, HeapObject::kMapOffset)); - __ cmp(result, Operand(Handle<Map>(JSObject::cast(current)->map()))); + __ cmp(result, Operand(Handle<Map>(current->map()))); DeoptimizeIf(ne, env); - current = HeapObject::cast(current->map()->prototype()); + current = + Handle<HeapObject>(HeapObject::cast(current->map()->prototype())); } __ LoadRoot(result, Heap::kUndefinedValueRootIndex); } diff --git a/deps/v8/src/arm/macro-assembler-arm.cc b/deps/v8/src/arm/macro-assembler-arm.cc index 7c49e9e58a..933399e00f 100644 --- a/deps/v8/src/arm/macro-assembler-arm.cc +++ b/deps/v8/src/arm/macro-assembler-arm.cc @@ -2878,7 +2878,8 @@ void MacroAssembler::LoadTransitionedArrayMapConditional( Context::SlotOffset(Context::JS_ARRAY_MAPS_INDEX))); size_t offset = expected_kind * kPointerSize + FixedArrayBase::kHeaderSize; - cmp(map_in_out, scratch); + ldr(ip, FieldMemOperand(scratch, offset)); + cmp(map_in_out, ip); b(ne, no_map_match); // Use the transitioned cached map. diff --git a/deps/v8/src/hydrogen.cc b/deps/v8/src/hydrogen.cc index 61488aff2a..2c8a0f659c 100644 --- a/deps/v8/src/hydrogen.cc +++ b/deps/v8/src/hydrogen.cc @@ -4698,7 +4698,7 @@ HInstruction* HGraphBuilder::BuildStoreNamedField(HValue* object, // If the property does not exist yet, we have to check that it wasn't made // readonly or turned into a setter by some meanwhile modifications on the // prototype chain. - if (!lookup->IsProperty()) { + if (!lookup->IsProperty() && type->prototype()->IsJSReceiver()) { Object* proto = type->prototype(); // First check that the prototype chain isn't affected already. LookupResult proto_result(isolate()); diff --git a/deps/v8/src/ia32/full-codegen-ia32.cc b/deps/v8/src/ia32/full-codegen-ia32.cc index 77c095ad1c..5a513fd483 100644 --- a/deps/v8/src/ia32/full-codegen-ia32.cc +++ b/deps/v8/src/ia32/full-codegen-ia32.cc @@ -317,6 +317,10 @@ void FullCodeGenerator::EmitProfilingCounterReset() { // Self-optimization is a one-off thing: if it fails, don't try again. reset_value = Smi::kMaxValue; } + if (isolate()->IsDebuggerActive()) { + // Detect debug break requests as soon as possible. + reset_value = 10; + } __ mov(ebx, Immediate(profiling_counter_)); __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), Immediate(Smi::FromInt(reset_value))); diff --git a/deps/v8/src/ia32/lithium-codegen-ia32.cc b/deps/v8/src/ia32/lithium-codegen-ia32.cc index 7fd64ca9c3..7c9c882606 100644 --- a/deps/v8/src/ia32/lithium-codegen-ia32.cc +++ b/deps/v8/src/ia32/lithium-codegen-ia32.cc @@ -2325,15 +2325,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result, } else { // Negative lookup. // Check prototypes. - HeapObject* current = HeapObject::cast((*type)->prototype()); + Handle<HeapObject> current(HeapObject::cast((*type)->prototype())); Heap* heap = type->GetHeap(); - while (current != heap->null_value()) { - Handle<HeapObject> link(current); - __ LoadHeapObject(result, link); + while (*current != heap->null_value()) { + __ LoadHeapObject(result, current); __ cmp(FieldOperand(result, HeapObject::kMapOffset), - Handle<Map>(JSObject::cast(current)->map())); + Handle<Map>(current->map())); DeoptimizeIf(not_equal, env); - current = HeapObject::cast(current->map()->prototype()); + current = + Handle<HeapObject>(HeapObject::cast(current->map()->prototype())); } __ mov(result, factory()->undefined_value()); } diff --git a/deps/v8/src/list.h b/deps/v8/src/list.h index 3ca4a3fba8..7fd4f5cd2d 100644 --- a/deps/v8/src/list.h +++ b/deps/v8/src/list.h @@ -74,6 +74,11 @@ class List { AllocationPolicy::Delete(p); } + // Please the MSVC compiler. We should never have to execute this. + INLINE(void operator delete(void* p, AllocationPolicy allocator)) { + UNREACHABLE(); + } + // Returns a reference to the element at index i. This reference is // not safe to use after operations that can change the list's // backing store (e.g. Add). diff --git a/deps/v8/src/mips/full-codegen-mips.cc b/deps/v8/src/mips/full-codegen-mips.cc index 9013860013..263656ea01 100644 --- a/deps/v8/src/mips/full-codegen-mips.cc +++ b/deps/v8/src/mips/full-codegen-mips.cc @@ -332,7 +332,7 @@ void FullCodeGenerator::EmitProfilingCounterReset() { } if (isolate()->IsDebuggerActive()) { // Detect debug break requests as soon as possible. - reset_value = FLAG_interrupt_budget >> 4; + reset_value = 10; } __ li(a2, Operand(profiling_counter_)); __ li(a3, Operand(Smi::FromInt(reset_value))); diff --git a/deps/v8/src/mips/lithium-codegen-mips.cc b/deps/v8/src/mips/lithium-codegen-mips.cc index 67dbe69def..68f8a3dd7d 100644 --- a/deps/v8/src/mips/lithium-codegen-mips.cc +++ b/deps/v8/src/mips/lithium-codegen-mips.cc @@ -2338,15 +2338,14 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result, } else { // Negative lookup. // Check prototypes. - HeapObject* current = HeapObject::cast((*type)->prototype()); + Handle<HeapObject> current(HeapObject::cast((*type)->prototype())); Heap* heap = type->GetHeap(); - while (current != heap->null_value()) { - Handle<HeapObject> link(current); - __ LoadHeapObject(result, link); + while (*current != heap->null_value()) { + __ LoadHeapObject(result, current); __ lw(result, FieldMemOperand(result, HeapObject::kMapOffset)); - DeoptimizeIf(ne, env, - result, Operand(Handle<Map>(JSObject::cast(current)->map()))); - current = HeapObject::cast(current->map()->prototype()); + DeoptimizeIf(ne, env, result, Operand(Handle<Map>(current->map()))); + current = + Handle<HeapObject>(HeapObject::cast(current->map()->prototype())); } __ LoadRoot(result, Heap::kUndefinedValueRootIndex); } diff --git a/deps/v8/src/mips/macro-assembler-mips.cc b/deps/v8/src/mips/macro-assembler-mips.cc index 1a6bc216cc..51b3a3823f 100644 --- a/deps/v8/src/mips/macro-assembler-mips.cc +++ b/deps/v8/src/mips/macro-assembler-mips.cc @@ -4459,8 +4459,7 @@ void MacroAssembler::LoadTransitionedArrayMapConditional( Context::SlotOffset(Context::JS_ARRAY_MAPS_INDEX))); size_t offset = expected_kind * kPointerSize + FixedArrayBase::kHeaderSize; - lw(at, FieldMemOperand(scratch, offset)); - Branch(no_map_match, ne, map_in_out, Operand(at)); + Branch(no_map_match, ne, map_in_out, Operand(scratch)); // Use the transitioned cached map. offset = transitioned_kind * kPointerSize + diff --git a/deps/v8/src/objects.cc b/deps/v8/src/objects.cc index 712366f7a3..6b2f64ac2e 100644 --- a/deps/v8/src/objects.cc +++ b/deps/v8/src/objects.cc @@ -7388,7 +7388,7 @@ void Map::ClearNonLiveTransitions(Heap* heap) { } else { keep_entry = true; } - } else if (!getter->IsTheHole()) { + } else if (!setter->IsTheHole()) { keep_entry = true; } } else { diff --git a/deps/v8/src/profile-generator.cc b/deps/v8/src/profile-generator.cc index ca19f4aaaf..a3143bea5b 100644 --- a/deps/v8/src/profile-generator.cc +++ b/deps/v8/src/profile-generator.cc @@ -2692,6 +2692,10 @@ void V8HeapExplorer::TagGlobalObjects() { Object* obj_document; if (global_obj->GetProperty(*document_string)->ToObject(&obj_document) && obj_document->IsJSObject()) { + // FixMe: Workaround: SharedWorker's current Isolate has NULL context. + // As result GetProperty(*url_string) will crash. + if (!Isolate::Current()->context() && obj_document->IsJSGlobalProxy()) + continue; JSObject* document = JSObject::cast(obj_document); Object* obj_url; if (document->GetProperty(*url_string)->ToObject(&obj_url) && diff --git a/deps/v8/src/runtime.cc b/deps/v8/src/runtime.cc index 9e389492ec..199371fe46 100644 --- a/deps/v8/src/runtime.cc +++ b/deps/v8/src/runtime.cc @@ -1123,11 +1123,13 @@ static MaybeObject* GetOwnProperty(Isolate* isolate, elms->set(IS_ACCESSOR_INDEX, heap->true_value()); AccessorPair* accessors = AccessorPair::cast(result.GetCallbackObject()); - if (CheckAccess(*obj, *name, &result, v8::ACCESS_GET)) { - elms->set(GETTER_INDEX, accessors->GetComponent(ACCESSOR_GETTER)); + Object* getter = accessors->GetComponent(ACCESSOR_GETTER); + if (!getter->IsMap() && CheckAccess(*obj, *name, &result, v8::ACCESS_GET)) { + elms->set(GETTER_INDEX, getter); } - if (CheckAccess(*obj, *name, &result, v8::ACCESS_SET)) { - elms->set(SETTER_INDEX, accessors->GetComponent(ACCESSOR_SETTER)); + Object* setter = accessors->GetComponent(ACCESSOR_SETTER); + if (!setter->IsMap() && CheckAccess(*obj, *name, &result, v8::ACCESS_SET)) { + elms->set(SETTER_INDEX, setter); } } else { elms->set(IS_ACCESSOR_INDEX, heap->false_value()); diff --git a/deps/v8/src/splay-tree.h b/deps/v8/src/splay-tree.h index 388f9b5429..8844d8a8ff 100644 --- a/deps/v8/src/splay-tree.h +++ b/deps/v8/src/splay-tree.h @@ -66,9 +66,13 @@ class SplayTree { AllocationPolicy allocator = AllocationPolicy())) { return allocator.New(static_cast<int>(size)); } - INLINE(void operator delete(void* p, size_t)) { + INLINE(void operator delete(void* p)) { AllocationPolicy::Delete(p); } + // Please the MSVC compiler. We should never have to execute this. + INLINE(void operator delete(void* p, AllocationPolicy policy)) { + UNREACHABLE(); + } // Inserts the given key in this tree with the given value. Returns // true if a node was inserted, otherwise false. If found the locator @@ -119,9 +123,14 @@ class SplayTree { INLINE(void* operator new(size_t size, AllocationPolicy allocator)) { return allocator.New(static_cast<int>(size)); } - INLINE(void operator delete(void* p, size_t)) { + INLINE(void operator delete(void* p)) { return AllocationPolicy::Delete(p); } + // Please the MSVC compiler. We should never have to execute + // this. + INLINE(void operator delete(void* p, AllocationPolicy allocator)) { + UNREACHABLE(); + } Key key() { return key_; } Value value() { return value_; } diff --git a/deps/v8/src/version.cc b/deps/v8/src/version.cc index 06912b100b..03526d3764 100644 --- a/deps/v8/src/version.cc +++ b/deps/v8/src/version.cc @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 11 #define BUILD_NUMBER 10 -#define PATCH_LEVEL 0 +#define PATCH_LEVEL 10 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 diff --git a/deps/v8/src/x64/full-codegen-x64.cc b/deps/v8/src/x64/full-codegen-x64.cc index 1e2afeb682..a3e42eb505 100644 --- a/deps/v8/src/x64/full-codegen-x64.cc +++ b/deps/v8/src/x64/full-codegen-x64.cc @@ -310,6 +310,10 @@ void FullCodeGenerator::EmitProfilingCounterReset() { // Self-optimization is a one-off thing; if it fails, don't try again. reset_value = Smi::kMaxValue; } + if (isolate()->IsDebuggerActive()) { + // Detect debug break requests as soon as possible. + reset_value = 10; + } __ movq(rbx, profiling_counter_, RelocInfo::EMBEDDED_OBJECT); __ movq(kScratchRegister, reinterpret_cast<uint64_t>(Smi::FromInt(reset_value)), diff --git a/deps/v8/src/x64/lithium-codegen-x64.cc b/deps/v8/src/x64/lithium-codegen-x64.cc index bc8f84864e..f62528e34a 100644 --- a/deps/v8/src/x64/lithium-codegen-x64.cc +++ b/deps/v8/src/x64/lithium-codegen-x64.cc @@ -2218,15 +2218,15 @@ void LCodeGen::EmitLoadFieldOrConstantFunction(Register result, } else { // Negative lookup. // Check prototypes. - HeapObject* current = HeapObject::cast((*type)->prototype()); + Handle<HeapObject> current(HeapObject::cast((*type)->prototype())); Heap* heap = type->GetHeap(); - while (current != heap->null_value()) { - Handle<HeapObject> link(current); - __ LoadHeapObject(result, link); + while (*current != heap->null_value()) { + __ LoadHeapObject(result, current); __ Cmp(FieldOperand(result, HeapObject::kMapOffset), - Handle<Map>(JSObject::cast(current)->map())); + Handle<Map>(current->map())); DeoptimizeIf(not_equal, env); - current = HeapObject::cast(current->map()->prototype()); + current = + Handle<HeapObject>(HeapObject::cast(current->map()->prototype())); } __ LoadRoot(result, Heap::kUndefinedValueRootIndex); } diff --git a/deps/v8/test/mjsunit/regress/regress-115100.js b/deps/v8/test/mjsunit/regress/regress-115100.js new file mode 100644 index 0000000000..c917446eff --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-115100.js @@ -0,0 +1,36 @@ +// Copyright 2012 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --allow-natives-syntax + +function foo(obj) { obj.prop = 0; } +function mk() { return Object.create(null); } + +foo(mk()); +foo(mk()); +%OptimizeFunctionOnNextCall(foo); +foo(mk()); diff --git a/deps/v8/test/mjsunit/regress/regress-133211.js b/deps/v8/test/mjsunit/regress/regress-133211.js new file mode 100644 index 0000000000..f9473d1ddf --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-133211.js @@ -0,0 +1,35 @@ +// Copyright 2011 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Make sure we don't leak maps when reading intermediate property descriptors. + +var o = {}; +var x = {}; +Object.defineProperty(o, "foo", { get: undefined }); +Object.defineProperty(x, "foo", { get: undefined, set: undefined }); +var pd = Object.getOwnPropertyDescriptor(o, "foo"); +assertEquals(undefined, pd.set); diff --git a/deps/v8/test/mjsunit/regress/regress-133211b.js b/deps/v8/test/mjsunit/regress/regress-133211b.js new file mode 100644 index 0000000000..87e35f4561 --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-133211b.js @@ -0,0 +1,39 @@ +// Copyright 2011 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --expose-gc + +setter = function(x) { return; } +var o = {}; +Object.defineProperty(o, "foo", { set: setter }); +var x = {}; +Object.defineProperty(x, "foo", { set: setter }); +x.bar = 20; +x = {}; +gc(); +o.foo = 20; +assertEquals(undefined, o.foo); diff --git a/deps/v8/tools/gen-postmortem-metadata.py b/deps/v8/tools/gen-postmortem-metadata.py index f59cfd3033..b9b162548f 100644 --- a/deps/v8/tools/gen-postmortem-metadata.py +++ b/deps/v8/tools/gen-postmortem-metadata.py @@ -78,8 +78,8 @@ consts_misc = [ { 'name': 'SmiValueShift', 'value': 'kSmiTagSize' }, { 'name': 'PointerSizeLog2', 'value': 'kPointerSizeLog2' }, - { 'name': 'prop_idx_transitions', - 'value': 'DescriptorArray::kTransitionsIndex' }, + { 'name': 'prop_idx_content', + 'value': 'DescriptorArray::kContentArrayIndex' }, { 'name': 'prop_idx_first', 'value': 'DescriptorArray::kFirstIndex' }, { 'name': 'prop_type_field', |